Attending AWS re:Invent is always an exceptional experience and, despite it being virtual, this year was no different. As usual, there were the expected announcements of bigger, better and faster services and components. AWS always shows a remarkable level of innovation, with many more announcements than it is practical to cover comprehensively. Therefore, in this blog, I will focus on what I think are some of the highlights in the areas of hybrid IT, edge computing, machine learning as well as security and compliance.
There is an old adage – “Keep it Simple Stupid” – and this is excellent advice. In his keynote, Andy Jassy described the need for organizations to avoid complexity in order to achieve agility. This is the thinking that lies behind how AWS is evolving its services towards platforms focussed on simplifying the solutions to real-world problems. Jassy also described how he believes the definition of the hybrid cloud needs to be rethought.
What now exists in most organizations is a complex mixture of IT services, some delivered on-premises and some delivered through the cloud. This is currently defined as hybrid IT.
However, there is now an increase in computing outside of the data centre and at the edge where much of the useful data exists. In addition, advanced networking capabilities provided by technologies like 5G will increase access to this data as well as augment the possibilities for remote control and automation.
In his keynote, Jassy stated that people have become too settled on the definition of hybrid as meaning on-premises plus cloud. AWS’s vision is that there are now so many IT components outside of the data centre, in offices, factories, on ships and elsewhere that cloud plus the edge will become the dominant elements in the future IT infrastructure. This is a vision for clouds of things being the infrastructure for the organization of tomorrow.
However, managing and securing this increasingly complex set of services, upon which the world has now become dependent, is now the critical factor. Just consider the impact of the recent short Google outage, with people complaining that they could not switch the lights on in their home.
Given the importance placed on this area by Jassy, there were several announcements.
Like other vendors, AWS offers a “cloud in a box” which the customer can deploy wherever it is needed. There may be several reasons that customers choose this, including proximity to data, compliance related to service/data location, and network latency. AWS announced that AWS Outposts will be offered in 2 new sizes, including a smaller size in 2 flavours: Graviton and Intel.
AWS says that they now have thousands of customers using this. One key benefit of this product is that it enables the full range of Machine Learning services close to where they may be needed. Since most of this is managed by AWS, it effectively extends the cloud to wherever it is located. However, beware - this introduces some extra customer responsibilities – for physical security, power and local infrastructure as shown in figure 1. It therefore adds a little more complexity to the already complex hybrid management challenges.
Figure 1: Customer responsibilities for IaaS and Cloud on Premises
IoT is an important element of AWS’s vision of this new hybrid IT environment and there were several announcements in this area. AWS IoT Greengrass release 2.0 is now available - this provides an open-source edge runtime, which includes a set of pre-built software components, tools for local software development, and new features for managing device software on large fleets of devices.
Another area is integration with 5G to achieve very low network latency. AWS achieves this through what they call “Local Zones”. Here AWS infrastructure is deployed closer to large population, industry, and IT centres where no AWS region exists. AWS announced a preview of AWS Local Zones in Boston, Houston, and Miami, with plans to launch 12 additional AWS Local Zones throughout 2021 in key metro areas in the United States including Atlanta, Chicago, and New York. There are currently no plans for these in Europe.
5G is not the only communication type supported. AWS also announced AWS IoT Core for LoRaWAN, a fully managed capability that allows AWS IoT Core customers to connect and manage wireless devices that use low-power long-range wide area network (LoRaWAN) connectivity with the AWS cloud. It enables them to set up a private LoRaWAN network by connecting their own LoRaWAN devices and gateways to the AWS cloud - without developing or operating a LoRaWAN Network Server (LNS).
AWS says that their innovation always follows customer demands and so it is interesting to note how AWS is expanding their services with a focus on an industrial plant.
AWS announced Amazon Lookout for Equipment, a service which provides a way for customers with existing sensors on their industrial equipment to send their sensor data to AWS to build machine learning models and return predictions to detect abnormal equipment behaviour. This enables predictive maintenance that allows them to act before machine failures occur and avoid unplanned downtime.
Amazon Lookout for Vision is a new machine learning service to find visual defects in industrial products, accurately and at scale. It uses computer vision to identify missing components in products, damage to vehicles or structures, irregularities in production lines, and even minuscule defects in silicon wafers — or any other physical item where quality is important.
In addition, AWS announced AWS IoT SiteWise Edge (Preview), a new feature of AWS IoT SiteWise providing software that runs on-premises at industrial sites and makes it easy to collect, process, and monitor equipment data locally before sending the data to AWS Cloud destinations.
In line with AWS’s intentions to make it simpler to use their services, several useful new tools have now been fully integrated into Amazon SageMaker.
One interesting example is the announcement of Amazon SageMaker Clarify to help machine learning developers achieve greater visibility into their training data and models so they can identify and limit bias and explain predictions.
Training machine learning models is hard because a neural network does not provide an explanation of why a conclusion was reached. This also makes it difficult to ensure that the neural network has not been trained on biased data. There are mathematical models from game theory that can help in this area – notably the use of Shapley values that help to show the relative contribution made by different elements. The challenge is that some of the tools available are not robust or well-integrated.
Amazon SageMaker Clarify provides an integrated approach to detect potential bias during data preparation, after training, and in the deployed model by examining attributes specified. SageMaker Clarify also includes feature importance graphs that help to explain model predictions and produces reports that can be used to identify issues with the model that can then be corrected.
Security and Compliance
Stephen Schmidt, AWS CISO, in his keynote reviewed the AWS security capabilities that customers had found most impactful during 2020. Top of this list was Amazon GuardDuty S3 Protection. This emphasizes the importance organizations place on taking care of their data and how the first sign of a cyber-attack is often unusual access to data.
While AWS takes great care to secure the service that they deliver, organizations still have concerns over how they can prove that their use of the service meets their security objectives and compliance obligations.
This often involves manually collecting and collating evidence from multiple sources to respond to queries from internal and external auditors. To simplify this process, AWS announced AWS Audit Manager.
This is a new service that helps to continuously audit AWS usage to assess risk and to demonstrate compliance with regulations and industry standards. It automates the collection of evidence on whether the controls are operating and effective. It includes predefined templates for common compliance needs such as CIS AWS Foundations Benchmark, the General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS).
It is expected that internal and external auditors will be the main users of this service.
AWS has a unique approach to innovation with a very strong focus on providing what the customer wants. Accepting the need for simplification in the complex world of IT services is very welcome and the announcements show how AWS is achieving this for its platform.
AWS’s alternative vision for the hybrid cloud recognises that the future of the IoT is inescapably linked with the cloud. The IoT will actually become the clouds of things.
However, while it is right to emphasize this aspect of hybrid IT for the future, many organizations are struggling today with the problems of securing and managing their mixture of SaaS, IaaS and on-premises services, and a solution to this problem is urgently needed.
The release of AWS SageMaker Clarify provides a useful out-of-the-box solution for some of the current challenges of bias and explanation related to machine learning. However, while it provides a robust implementation of the state of the art in this area, it does not provide a revolutionary solution.
AWS Audit Manager will provide welcome capabilities for organizations to reduce the costs of demonstrating the effectiveness of their AWS controls and how these are meeting their compliance obligations. The challenges of doing this for the whole heterogeneous IT stack involved in many business-critical applications remain to be solved.